Oracle Linux Automation Manager (OLAM) RBAC - ansible

How do we map LDAP groups to the teams in OLAM? OLAM is based on the upstream project Ansible AWX.
I am trying to implement RBAC in OLAM. It seems we need to create a new LDAP object in OLAM every time we want to map a new LDAP group to the team.
OLAM documentation:
https://docs.oracle.com/en/operating-systems/oracle-linux-automation-manager

Related

NiFi - automating creation of users/groups during install

I have a Puppet module that is deploying a standalone NiFi instance. It's all working and it will deploy the application with an initial admin user etc. via authorizers.conf.
But in order to configure additional users and groups there is a long process of creating policies and adding users and groups via the GUI. I want to automate some of this in my Puppet module.
It would be good to be able to automatically create an admin group which is already assigned to a load of policies.
It doesn't seem like this is possible though, as the best practice is to only edit authorizers.xml and allow that to create the resulting authorizations.xml and users.xml, and there is no setting within authorizers.xml to create initial groups or initial policies.
My only idea at the moment is to use something like the nipyapi Python module to create users and groups via the API during the initial install.
Or perhaps ignore authorizers.xml and just deploy a pre-configured authorizations.xml and users.xml.
Am I missing any other simple or better options?

Configure as code with security groups and ldap

We are trying to set up a SonarQube server (v. 6.5) to run in Kubernetes. Because of this, we need everything to be configured "as code" not through the web interface.
We have successfully set up single sign-on (SSO) against an LDAP server, and that works as such. But since users can then not log out in order to log in as a static admin, we need some way to configure a group that has admin privileges.
It is my understanding that this should be done via group mapping, but all documentation and examples I can find only suggest setting up the groups through the UI.
Is there some way to configure groups via sonar.properties (or another properties file) that are then automatically mapped against groups from LDAP, and configure a group to get admin rights?
I am pretty new to SonarQube (and no LDAP expert either), so I hope the question makes sense.
There is no way to configure groups through properties. There are web services (which are used by the UI itself) with which you could script this.
Alternately, see if you can turn on group synching with your SSO. Then you just have to grant admin rights (via the UI? via web services?) to the appropriate group in SonarQube.

Create a new role dynamically using Elasticsearch Java Client

I have an Elasticsearch (2.4.4) server and I'm using the Elasticsearch Java client to manage indices. I've added authentication with the Elasticsearch Shield plugin (2.2.0) and it works properly. Now, I want to create new roles dynamically, but it seems that it is not possible to do this using the client.
Is making API requests the only way to manage roles dynamically, or am I missing something?

How to dynamically add new users on mesos cluster?

I have a mesos cluster with a master and 6 agents. I have enabled authentication for users and passed user credentials with their roles while starting mesos-master. Now I wanted to dynamically add new users to the master. How can I do that without stopping mesos-master?
You can develop your own authentication module.
Authenticatee and Authenticator modules allow for third parties to quickly develop and plug-in new authentication methods. An example for such modules could be to support PAM (LDAP, MySQL, NIS, UNIX) backed authentication. — Documentation / Modules
Here you can see an example of how to do it. This code is quite old but it shows the basic concept.

Edit assigned compatible configurations for agents in teamcity rest api

Is it possible to edit assigned compatible configurations for agents in teamcity rest api?
(I am using 9.0.2).
Yes - you can add or remove any project to any agent pool through the REST API:
POST the plain text (name) to
http://teamcity.url/app/rest/agentPools/id:XXX/projects
Delete a project from a pool: DELETE
http://teamcity.url/app/rest/agentPools/id:XXX/projects/id:YYY
See the docs here.
An agent pool is just an n:m mapping concept in TeamCity that allows you to specify which agents can run which projects - it allows for more flexibility than directly assigning agents to projects.
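
An added example, not part of the original answer and not TeamCity's own code: it keeps the pool-to-project mapping in a reviewed data structure and computes the calls to the two endpoints above that bring the server in line with it. The pool ids, project ids and names, and the `auth_header` value are constructed assumptions; the POST body is the project name as plain text, as the answer describes.

```python
from urllib.parse import quote
from urllib.request import Request

BASE = "http://teamcity.url/app/rest"  # placeholder host from the answer

# Constructed sample data: pool ids, project ids and names are made up.
DESIRED = {1: {"Payments": "Payments", "Web": "Website"},
           2: {"Infra": "Infrastructure"}}          # {pool: {project_id: name}}
CURRENT = {1: {"Web", "Sandbox"}, 2: set(), 3: {"Legacy"}}  # {pool: {project_id}}


def plan_pool_changes(desired, current, base=BASE):
    """Return (method, url, body) calls that move `current` to `desired`."""
    removals, additions = [], []
    for pool_id in sorted(set(desired) | set(current)):
        want = desired.get(pool_id, {})
        have = current.get(pool_id, set())
        # Percent-encode ids so a stray "/" or "?" cannot change the path.
        pool_url = f"{base}/agentPools/id:{quote(str(pool_id), safe='')}/projects"
        for project_id in sorted(have - set(want)):
            removals.append(
                ("DELETE", f"{pool_url}/id:{quote(project_id, safe='')}", None))
        for project_id in sorted(set(want) - have):
            # Per the answer, the POST body is the project name as plain text.
            additions.append(("POST", pool_url, want[project_id]))
    # Revoke before granting, so stale pool access is removed first.
    return removals + additions


def to_request(call, auth_header):
    """Build (but do not send) the urllib request for one planned call."""
    method, url, body = call
    headers = {"Authorization": auth_header}  # value supplied by the caller
    data = None
    if body is not None:
        headers["Content-Type"] = "text/plain"
        data = body.encode("utf-8")
    return Request(url, data=data, headers=headers, method=method)


if __name__ == "__main__":
    for method, url, body in plan_pool_changes(DESIRED, CURRENT):
        print(method, url, body or "")
```

An empty plan means the server already matches the reviewed mapping; a non-empty one on a scheduled run is a drift signal worth logging before any call is sent.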
